Police body cams found pre-installed with notorious Conficker worm

One of the world's most prolific pieces of malware is found in cams from Martel.

One of the world's most prolific computer worms has been found infecting several police body cameras that were sent to security researchers, the researchers reported.

According to a blog post published last week by security firm iPower, multiple police cams manufactured by Martel Electronics came pre-installed with Win32/Conficker.B!inf. When one such camera was attached to a computer in the iPower lab, it immediately triggered the PC's antivirus program. When company researchers allowed the worm to infect the computer, the computer then attempted to spread the infection to other machines on the network.

"iPower initiated a call and multiple emails to the camera manufacturer, Martel, on November 11th 2015," the researchers wrote in the blog post. "Martel staff has yet to provide iPower with an official acknowledgement of the security vulnerability. iPower President, Jarrett Pavao, decided to take the story public due to the huge security implications of these cameras being shipped to government agencies and police departments all over the country."

Conficker was especially hard to contain because it used a variety of advanced methods to self-propagate, including exploiting weaknesses in the Windows autostart feature when users inserted USB drives into their computers. The malware also generated hundreds of pseudo-random domain names each day that infected machines could contact to receive new instructions. The scheme allowed the botnet to survive even when old domain names were turned over to the working group. There are at least five significant variations of Conficker that are denoted with the letters A through E.

To this day, researchers aren't sure what the purpose of the malware was. Remarkably, Conficker's unknown operators were never observed using the worm to steal bank account credentials, passwords, or any other type of personal data from the PCs they infected. In 2009, Microsoft offered a $250,000 reward for information leading to the conviction of those responsible for the menace.

A report that police cameras are shipping with Conficker.B preinstalled is testament to the worm's relentlessness. It's also troubling because the cameras can be crucial in criminal trials. If an attorney can prove that a camera is infected with malware, it's plausible that the vulnerability could be grounds for the video it generated to be thrown out of court, or at least to create reasonable doubt in the minds of jurors. Infected cameras can also infect and badly bog down the networks of police forces, some of which still use outdated computers and ineffective security measures.

Promoted Comments

Given that these cameras exist to provide evidence in court, it appears that the industry and government are bending to public opinion by rushing untested equipment into service in a way that could compromise the utility of what could be beneficial technology if deployed correctly.

W32.Downadup.B creates an autorun.inf file on all mapped drives so that the threat automatically executes when the drive is accessed. The threat then monitors for drives that are connected to the compromised computer in order to create an autorun.inf file as soon as the drive becomes accessible. The worm also monitors DNS requests to domains containing certain strings and blocks access to those domains so that it will appear that the network request timed out. This means infected users may not be able to update their security software from those Web sites. This can be problematic as worm authors generally dish out new variants constantly.

It then runs a network buffer overflow exploit on a Windows Server Service to actually install itself.

Thing is, this should have been patched in 2009. I would hope most police departments would be safe from this by now, but why was it still running loose on Martel's networks then?
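The autorun.inf mechanism described above suggests a simple intake check for vendor-supplied storage: mount the device read-only on an isolated machine and list every directive in a root-level autorun.inf that would launch a program. The sketch below is an added example, not code from the article, iPower, or the commenters; the function names and the sample file contents are constructed for illustration.

```python
import re
from pathlib import Path

# autorun.inf keys that make Windows launch a program from the drive.
EXEC_KEY = re.compile(
    rb"^\s*(open|shellexecute|shell\\[^=\r\n]*\\command)\s*=\s*(.+?)\s*$", re.I)

def exec_directives(raw: bytes):
    """Return (key, command) pairs found in autorun.inf content.

    Parsing is done on bytes, line by line, and unparseable lines are
    skipped, so binary padding between directives does not hide them."""
    found = []
    for line in re.split(rb"[\r\n]+", raw):
        m = EXEC_KEY.match(line)
        if m:
            key = m.group(1).decode("ascii", "replace").lower()
            found.append((key, m.group(2).decode("latin-1")))
    return found

def audit_volume(root):
    """Check the root of a mounted volume for autorun.inf in any letter case."""
    report = []
    for entry in Path(root).iterdir():
        if entry.is_file() and entry.name.lower() == "autorun.inf":
            report.extend(exec_directives(entry.read_bytes()))
    return report

# Constructed sample: junk bytes and mixed case around three launch directives.
SAMPLE = (b"\x8f\x02junk\xfe\r\n[autorun]\r\n"
          b"\x01\x02\x03 filler\r\n"
          b"OPEN = setup.exe\r\n"
          b"icon=drive.ico\r\n"
          b"shelLExecUte=tool.exe /s\r\n"
          b"shell\\open\\command = run.exe\r\n")

if __name__ == "__main__":
    for key, cmd in exec_directives(SAMPLE):
        print(f"launch directive {key!r} -> {cmd!r}")
```

Any launch directive on a device that is supposed to hold only video is a reason to quarantine it and image it before it touches a production network.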